klsphotos
asked on
Finding systems using SMB1?
Hi Experts,
Is there a easy way to detect systems on my network using SMB1? I see that it is installed on some of our servers, and we are also using SMB ISCsci storage for our Hyper V's, but I don't want to have to go to every server and see if it's enabled, I'd like to be able to view everything and see not only where it's enabled, but if it's being used.
I have Microsoft Message Analyzer but am stuck as of typing this.
Thank you in advance.
Karen
Is there a easy way to detect systems on my network using SMB1? I see that it is installed on some of our servers, and we are also using SMB ISCsci storage for our Hyper V's, but I don't want to have to go to every server and see if it's enabled, I'd like to be able to view everything and see not only where it's enabled, but if it's being used.
I have Microsoft Message Analyzer but am stuck as of typing this.
Thank you in advance.
Karen
masnrock
You could set up a system with Wirrshark and monitor traffic. That way you can see what systems are actually sending SMB v1 traffic.
Is there a easy way to detect systems on my network using SMB1?
Push a GPO or registry patch to disable SMB1 on all servers, and then see which client machines fail.
Push a GPO or registry patch to disable SMB1 on all servers, and then see which client machines fail.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you everyone! I thought about doing the GP disable, but am unable to do that. We do have some older servers (2008) that we are migrating services off of, I am suspecting some of them are. I'm still trying to figure out how to confirm it on our storage servers that are hosting the storage for our Hyper v hosts.
All workstations are windows 10.
All workstations are windows 10.
Thanks for the update.
Without any tools? Low tech Honeypot. Create an SMB1 share and force all clients to create a file there (with GPO or the like), perhaps %COMPUTERNAME%.txt. Any computer that can create a file, fails adit.